
943 matches found

Vulnrichment
added 2024/10/31 9:0 p.m. | 11 views

CVE-2024-10596 ESAFENET CDG EncryptPolicyTypeService.java delEntryptPolicySort sql injection

A vulnerability was found in ESAFENET CDG 5. It has been rated as critical. Affected by this issue is the function delEntryptPolicySort of the file /com/esafenet/servlet/system/EncryptPolicyTypeService.java. The manipulation of the argument id leads to sql injection. The attack may be launched...

CVSS 6.5 | AI score 6.7 | EPSS 0.00097
Exploits: 1 | References: 4

Vulnrichment
added 2024/10/30 1:31 a.m. | 15 views

CVE-2024-10505 wuzhicms block.php edit code injection

A vulnerability was found in wuzhicms 4.1.0. It has been classified as critical. Affected is the function add/edit of the file www/coreframe/app/content/admin/block.php. The manipulation leads to code injection. It is possible to launch the attack remotely. The exploit has been disclosed to the...

CVSS 6.5 | AI score 7.4 | EPSS 0.00124
Exploits: 1 | References: 4

Vulnrichment
added 2024/10/30 1:0 a.m. | 10 views

CVE-2024-10503 Klokan MapTiler tileserver-gl URL cross site scripting

A vulnerability was found in Klokan MapTiler tileserver-gl 2.3.1 and classified as problematic. This issue affects some unknown processing of the component URL Handler. The manipulation of the argument key leads to cross site scripting. The attack may be initiated remotely. The exploit has been...

CVSS 5.3 | AI score 6 | EPSS 0.00127
Exploits: 0 | References: 3

CVE
added 2024/10/30 12:0 a.m. | 46 views

CVE-2024-10501

The CVE-2024-10501 entry concerns ESAFENET CDG 5. The vulnerability is in ExamCDGDocService.java, findById, where manipulation of the id parameter enables SQL injection. A remote attacker could trigger the issue, and public disclosures exist. Connected documents consistently describe the affected...

CVSS 8.8 | AI score 7 | EPSS 0.00247
Exploits: 1 | References: 4 | Affected Software: 1

NVD
added 2024/10/29 1:15 a.m. | 10 views

CVE-2024-10478

A vulnerability, which was classified as problematic, has been found in LinZhaoguan pb-cms up to 2.0.1. This issue affects some unknown processing of the file /adminarticle/edit?id=2 of the component Edit Article Handler. The manipulation leads to cross site scripting. The attack may be initiated...

CVSS 5.4 | EPSS 0.00162
Exploits: 1 | References: 3

Cvelist
added 2024/10/28 2:31 p.m. | 19 views

CVE-2024-10449 Codezips Hospital Appointment System loginAction.php sql injection

A vulnerability, which was classified as critical, was found in Codezips Hospital Appointment System 1.0. This affects an unknown part of the file /loginAction.php. The manipulation of the argument Username leads to sql injection. It is possible to initiate the attack remotely. The exploit has be...

CVSS 7.5 | EPSS 0.04438
Exploits: 1 | References: 4

NVD
added 2024/10/28 1:15 a.m. | 16 views

CVE-2024-10434

A vulnerability was found in Tenda AC1206 up to 20241027. It has been classified as critical. This affects the function ateTendamfgcheckusb/ateTendamfgcheckusb3 of the file /goform/ate. The manipulation of the argument arg leads to stack-based buffer overflow. It is possible to initiate the attac...

CVSS 9.8 | EPSS 0.00252
Exploits: 1 | References: 5

NVD
added 2024/10/27 5:15 p.m. | 8 views

CVE-2024-10421

A vulnerability classified as critical was found in SourceCodester Attendance and Payroll System 1.0. This vulnerability affects unknown code of the file /admin/overtimerow.php. The manipulation of the argument id leads to sql injection. The attack can be initiated remotely. The exploit has been...

CVSS 9.8 | EPSS 0.00096
Exploits: 0 | References: 5

CVE
added 2024/10/27 3:31 p.m. | 44 views

CVE-2024-10420

SourceCodester Attendance and Payroll System 1.0 is affected by a vulnerability in the upload function of /marimar/guest/update.php where the image parameter can be manipulated to cause unrestricted file upload. This can be exploited remotely, and multiple sources confirm the exploit has been pub...

CVSS 9.8 | AI score 6.8 | EPSS 0.00142
Exploits: 0 | References: 5 | Affected Software: 1

NVD
added 2024/10/27 1:15 p.m. | 11 views

CVE-2024-10416

A vulnerability was found in code-projects Blood Bank Management System 1.0 and classified as critical. This issue affects some unknown processing of the file /file/cancel.php. The manipulation of the argument reqid leads to sql injection. The attack may be initiated remotely. The exploit has bee...

CVSS 8.8 | EPSS 0.00097
Exploits: 1 | References: 5

CVE
added 2024/10/27 11:31 a.m. | 50 views

CVE-2024-10415

CVE-2024-10415 affects Code-Projects Blood Bank Management System 1.0. The vulnerability arises from an SQL injection in the /file/accept.php file via the reqid parameter, enabling remote exploitation. Exploitation/vector details are per the CVE description and linked sources; public disclosures ...

CVSS 8.8 | AI score 7.1 | EPSS 0.00065
Exploits: 1 | References: 5 | Affected Software: 1

CVE
added 2024/10/27 2:31 a.m. | 54 views

CVE-2024-10409

CVE-2024-10409 affects code-projects Blood Bank Management 1.0. The issue resides in the /file/accept.php handler, where manipulation of the query parameter reqid enables an SQL injection. The vulnerability is described as exploitable remotely and is publicly disclosed in multiple feeds, with no ...

CVSS 8.8 | AI score 7.1 | EPSS 0.00106
Exploits: 1 | References: 5 | Affected Software: 1

NVD
added 2024/10/25 1:15 p.m. | 10 views

CVE-2024-10380

A vulnerability, which was classified as critical, has been found in SourceCodester Petrol Pump Management Software 1.0. Affected by this issue is some unknown functionality of the file /admin/ajaxproduct.php. The manipulation of the argument dropservices leads to sql injection. The attack may be...

CVSS 7.5 | EPSS 0.0016
Exploits: 0 | References: 5

Cvelist
added 2024/10/25 12:0 p.m. | 15 views

CVE-2024-10378 ESAFENET CDG CDGRenewApplicationService.java actionViewCDGRenewFile sql injection

A vulnerability classified as critical has been found in ESAFENET CDG 5. Affected is the function actionViewCDGRenewFile of the file /com/esafenet/servlet/client/CDGRenewApplicationService.java. The manipulation of the argument CDGRenewFileId leads to sql injection. It is possible to launch the...

CVSS 6.5 | EPSS 0.00242
Exploits: 1 | References: 4

NVD
added 2024/10/25 11:15 a.m. | 9 views

CVE-2024-10377

A vulnerability was found in ESAFENET CDG 5. It has been rated as critical. This issue affects the function actionPassDecryptApplication1 of the file /com/esafenet/servlet/client/DecryptApplicationService.java. The manipulation of the argument id leads to sql injection. The attack may be initiate...

CVSS 9.8 | EPSS 0.00131
Exploits: 1 | References: 4

Cvelist
added 2024/10/25 1:31 a.m. | 10 views

CVE-2024-10371 SourceCodester Payroll Management System main login buffer overflow

A vulnerability classified as critical has been found in SourceCodester Payroll Management System 1.0. This affects the function login of the file main. The manipulation leads to buffer overflow. The exploit has been disclosed to the public and may be used...

CVSS 6.3 | EPSS 0.00455
Exploits: 1 | References: 5

Cvelist
added 2024/10/25 1:0 a.m. | 16 views

CVE-2024-10368 Codezips Sales Management System addstock.php sql injection

A vulnerability was found in Codezips Sales Management System 1.0. It has been classified as critical. Affected is an unknown function of the file /addstock.php. The manipulation of the argument prodtype leads to sql injection. It is possible to launch the attack remotely. The exploit has been...

CVSS 7.5 | EPSS 0.00113
Exploits: 1 | References: 4

CVE
added 2024/10/24 11:0 p.m. | 54 views

CVE-2024-10350

CVE-2024-10350 concerns the code-projects Hospital Management System 1.0. The vulnerability is a SQL injection in the file /admin/add-doctor.php caused by unsafe manipulation of the parameter docname. It is a remote issue with public exploit disclosure, and multiple sources classify the impact as ...

CVSS 9.8 | AI score 5.7 | EPSS 0.00187
Exploits: 1 | References: 5 | Affected Software: 1

NVD
added 2024/10/24 5:15 p.m. | 10 views

CVE-2024-10335

A vulnerability was found in SourceCodester Garbage Collection Management System 1.0. It has been declared as critical. This vulnerability affects unknown code of the file login.php. The manipulation of the argument username/password leads to sql injection. The attack can be initiated remotely. T...

CVSS 9.8 | EPSS 0.0012
Exploits: 1 | References: 5

CVE
added 2024/10/24 11:0 a.m. | 43 views

CVE-2024-10331

PHPGurukul Vehicle Record System 1.0 is affected by a SQL injection in /admin/search-vehicle.php via the searchinputdata parameter. The vulnerability arises from unsafe handling of the input, allowing remote exploitation and potentially compromising confidentiality, integrity, and availability as...

CVSS 8.8 | AI score 7.1 | EPSS 0.00097
Exploits: 1 | References: 4 | Affected Software: 1